<?php
/**
 * communit.as
 * @copyright (C)2008 Jaybill McCarthy, All Rights Reserved.
 * @category communitas
 * @package communitas
 * @author Jaybill McCarthy
 * @link http://communit.as communit.as
 * @license http://communit.as/docs/license License
 */

/**
 *
 * @package communitas
 * @subpackage core_lib
 * @license http://communit.as/docs/license License 
 */
 
class AclPlugin extends Zend_Controller_Plugin_Abstract {

	public function preDispatch(Zend_Controller_Request_Abstract $request) {
		$frontController = Zend_Controller_Front :: getInstance();
		$auth = Zend_Auth :: getInstance();
		Zend_Loader::loadClass('Zend_Session');   
		
		$appNamespace = new Zend_Session_Namespace('Cts_Temp');

		if (Zend_Registry :: isRegistered('acl') 
			and Zend_Registry :: isRegistered('guest_role') 
			and Zend_Registry :: isRegistered('admin_role')
			and Zend_Registry :: isRegistered('default_role')
			) {
			$acl = Zend_Registry :: get('acl');
		} else {
			$acl = new Cts_Acl($auth);
			Zend_Registry::set('acl', $acl);
		}

		// determine role
		if ($auth->hasIdentity()) {
			$user = Zend_Auth :: getInstance()->getIdentity();
			$user_role = $user->role_id;
			$user_is_guest = false;
			         
            $defaultNamespace = new Zend_Session_Namespace('Zend_Auth'); 
	        $defaultNamespace->setExpirationSeconds(86400);
		} else {
			$user_role = Zend_Registry::get('guest_role');
			$user_is_guest = true;
		}
		


		$requested = $request->getModuleName() . "-" .
		ucfirst(strtolower($request->getControllerName())) . "-" .
		$request->getActionName();
		//dd($requested);
		$url = $frontController->getBaseUrl() . "/";
		try{
		if(!$acl->has($requested)){
			// this doesn't exist, throw to 404
			$request->setModuleName('default');
			$request->setControllerName('auth');
			$request->setActionName('missing');
		}	else {
		if (!$acl->isAllowed($user_role, $requested)) {
			if ($user_is_guest) {
					$url .= $request->getModuleName() . "/";
					$url .= $request->getControllerName() . "/";
					$url .= $request->getActionName() . "/";

				$params = $request->getParams();					
			    while ($param = current($params)) { 
			    	if(key($params) != "module" and 
			    	key($params) != "controller" and
			    	key($params) != "action")
			    	  				
        			$url .= key($params).'/'.$param ."/";    				
    				next($params);
    				
				}			
				if(substr($url,strlen($url) - 1,1) == "/"){
					$url = substr($url,0,strlen($url) - 1);
				}
						
				//Zend_debug::dump($params);					
				//Zend_debug::dump($url);
				
				// place requested url in the sesson, 
				// unless this is the login controller				
				
				if ($request->getControllerName() != "auth"){
					$appNamespace->requestedUrl = $url;
				} else {
					$appNamespace->requestedUrl = null;
				}
				
				// send on to the login scipt
				$request->setModuleName('default');
				$request->setControllerName('auth');
				$request->setActionName('login');
				
			} else {	
				$request->setModuleName('default');				
				$request->setControllerName('auth');
				$request->setActionName('denied');	
			}
			}
		}
	} catch (Exception $e) {
		//Something bad happened, hose the auth and try again
		//Zend_Debug::dump($e);
		die();
	}
  }
}
